Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander2011-12-15 07:51:19
PHP
Alexander, 2011-12-15 07:51:19

How to get rid of XSS from a remote page in a frame?

To simplify the example, I will give the following code

. There is a form on the page:

<form id='send' action='../lib/getpage.php' method='post' target='getpage'><br>
       <input id='url' name='url' type='text' value=''><br>
</form><br>

Which betrays the getpage.php file into a frame:
<iframe id='getpage' name='getpage' src='' class='autoHeight' frameborder='0' scrolling='auto'></iframe><br>

The getpage.php file itself produces the page body:
<?<br>
       $url = $_POST['url'];<br>
       $page = file_get_html($url);<br>
       echo $page;<br>
?><br>


If the deleted page contains XSS code, will it affect my site and if so, how to get rid of it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander, 2011-12-15
@cry_san

and if just cut out all possible xss in $page before output in getpage.php?

Similar questions
S
StayAtHome2015-04-01 12:24:02
How to distinguish a web request from a regular page from a request from the extension itself from a Chrome/Opera extension? 4Reply
S
student_it2015-04-19 11:49:55
How can I prevent the Referer from being sent when playing an audio file via the HTML Audio tag? 2Reply
R
Rustam Akhmetov2016-06-27 10:05:19
How to speed up cms Moodle? 4Reply
N
Nicholas Hephaestus2022-01-24 20:18:11
Why does the space bar and other keys not work in TeamViewer? 4Reply
A
Alexander Avtomonov2014-06-02 14:38:13
How to install from source under FreeBSD? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question